Re: [Mailman-Developers] Two more DMARC mitigations
Jim Popovitch writes:
On Thu, Jun 12, 2014 at 10:18 AM, John Levine <johnl@taugh.com> wrote:
- Forwarding signature
It seems to me that a non-DMARC subdomain, for users, would be easier and better for all..
No, the mailbox providers already can do that and it's not because they were caught with their shorts down that they didn't. They really really mean "p=reject" for users. A senior admin at Yahoo! was very clear on damrc@ietf that they want their vanilla users covered by "p=reject" because the threat model (which is not phishing, it's "recommended by friend" spam) involves user mailboxes.
She also said that (as of a week ago) the attack based on stolen contact lists was continuing to flood their incoming MXes, despite over a month of "p=reject" (contrary to AOL's claims that "p=reject" stopped the attack). No explanation has been given why the spammers are continuing to spend their resources on the attack.
- Submit and sign
Oh god, NO!
Oh, c'mon, Jim. This is just the evil kind of thing we *want* to do to AOL!
On Thu, Jun 12, 2014 at 6:02 PM, Stephen J. Turnbull <stephen@xemacs.org> wrote:
A senior admin at Yahoo! was very clear on damrc@ietf that they want their vanilla users covered by "p=reject" because the threat model (which is not phishing, it's "recommended by friend" spam) involves user mailboxes.
Yeah, I follow that. BUT... a very senior architect of DMARC established the DMARC spec for non-user mail and specifically recommended that user mail be moved to a non-DMARC signed domain/subdomain. AND THEN, a (that very same senior admin?) Yahoo! employee got involved in the DMARC spec and it became the bastardized DMARC spec. I relish in pointing this out from time to time, thank you for the oppty to do it again. ;-)
-Jim P.
Stephen J. Turnbull writes:
She also said that (as of a week ago) the attack based on stolen contact lists was continuing to flood their incoming MXes,
This statement turns out to be inoperative. Elizabeth now plausibly denies this, claiming that she never said they were still conducting a massive spam attack.[1] What's happening is that the spammers are sending a small number of probes to check whether Yahoo! (and presumably AOL as well) retracts "p=reject".
Footnotes: [1] This is true. She said they "never stopped", without specifying what they hadn't stopped.
On Jun 13, 2014, at 07:02 AM, Stephen J. Turnbull wrote:
This is just the evil kind of thing we *want* to do to AOL!
That's not the evil thing I *really* want to do. I want to just reject all posts from p=reject sites. But I know we can't get away with that.
-Barry
Barry Warsaw writes:
I want to just reject all posts from p=reject sites. But I know we can't get away with that.
*We* (= mailman-developers) probably can. And Mailman 2.1.18-1 already has a facility to allow per-list decisions to do so. I know how you feel :-), but I think that's good enough.
participants (3)
-
Barry Warsaw -
Jim Popovitch -
Stephen J. Turnbull